Code Coverage for /data/phpBB/ucp.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 187		n/a	0 / 0	CRAP		n/a	0 / 0

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	define('IN_PHPBB', true);
18	$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
19	$phpEx = substr(strrchr(__FILE__, '.'), 1);
20	require($phpbb_root_path . 'common.' . $phpEx);
21	require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
22	require($phpbb_root_path . 'includes/functions_module.' . $phpEx);
23
24	// Basic parameter data
25	$id = $request->variable('i', '');
26	$mode = $request->variable('mode', '');
27
28	if (in_array($mode, array('login', 'login_link', 'logout', 'confirm', 'sendpassword', 'activate')))
29	{
30	define('IN_LOGIN', true);
31	}
32
33	if ($mode === 'delete_cookies')
34	{
35	define('SKIP_CHECK_BAN', true);
36	define('SKIP_CHECK_DISABLED', true);
37	}
38
39	// Start session management
40	$user->session_begin();
41	$auth->acl($user->data);
42	$user->setup('ucp');
43
44	// Setting a variable to let the style designer know where he is...
45	$template->assign_var('S_IN_UCP', true);
46
47	$module = new p_master();
48	$default = false;
49
50	/** @var \phpbb\controller\helper $controller_helper */
51	$controller_helper = $phpbb_container->get('controller.helper');
52
53	// Basic "global" modes
54	switch ($mode)
55	{
56	case 'activate':
57	$module->load('ucp', 'activate');
58	$module->display($user->lang['UCP_ACTIVATE']);
59
60	redirect($controller_helper->route('phpbb_index_controller'));
61	break;
62
63	case 'resend_act':
64	$module->load('ucp', 'resend');
65	$module->display($user->lang['UCP_RESEND']);
66	break;
67
68	case 'sendpassword':
69	redirect($controller_helper->route('phpbb_ucp_forgot_password_controller'));
70	break;
71
72	case 'register':
73	if ($user->data['is_registered'] \|\| isset($_REQUEST['not_agreed']))
74	{
75	redirect($controller_helper->route('phpbb_index_controller'));
76	}
77
78	$module->load('ucp', 'register');
79	$module->display($user->lang['REGISTER']);
80	break;
81
82	case 'confirm':
83	$module->load('ucp', 'confirm');
84	break;
85
86	case 'login':
87	if ($user->data['is_registered'])
88	{
89	redirect($controller_helper->route('phpbb_index_controller'));
90	}
91
92	login_box($request->variable('redirect', "index.$phpEx"));
93	break;
94
95	case 'login_link':
96	if ($user->data['is_registered'])
97	{
98	redirect($controller_helper->route('phpbb_index_controller'));
99	}
100
101	$module->load('ucp', 'login_link');
102	$module->display($user->lang['UCP_LOGIN_LINK']);
103	break;
104
105	case 'logout':
106	if ($user->data['user_id'] != ANONYMOUS && check_link_hash($request->variable('hash', ''), 'ucp_logout'))
107	{
108	$user->session_kill();
109	}
110	else if ($user->data['user_id'] != ANONYMOUS)
111	{
112	meta_refresh(3, $controller_helper->route('phpbb_index_controller'));
113
114	$message = $user->lang['LOGOUT_FAILED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $controller_helper->route('phpbb_index_controller') . '">', '</a> ');
115	trigger_error($message);
116	}
117
118	redirect($controller_helper->route('phpbb_index_controller'));
119	break;
120
121	case 'terms':
122	case 'privacy':
123
124	$message = ($mode == 'terms') ? 'TERMS_OF_USE_CONTENT' : 'PRIVACY_POLICY';
125	$title = ($mode == 'terms') ? 'TERMS_USE' : 'PRIVACY';
126
127	if (empty($user->lang[$message]))
128	{
129	if ($user->data['is_registered'])
130	{
131	redirect($controller_helper->route('phpbb_index_controller'));
132	}
133
134	login_box();
135	}
136
137	$template->set_filenames(array(
138	'body' => 'ucp_agreement.html')
139	);
140
141	// Disable online list
142	page_header($user->lang[$title]);
143
144	$template->assign_vars(array(
145	'S_AGREEMENT' => true,
146	'AGREEMENT_TITLE' => $user->lang[$title],
147	'AGREEMENT_TEXT' => sprintf($user->lang[$message], $config['sitename'], generate_board_url()),
148	'U_BACK' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
149	'L_BACK' => $user->lang['BACK_TO_PREV'],
150	));
151
152	page_footer();
153
154	break;
155
156	case 'delete_cookies':
157	// Redirect to controller
158	redirect($controller_helper->route('phpbb_ucp_delete_cookies_controller'));
159	break;
160
161	case 'switch_perm':
162	$user_id = $request->variable('u', 0);
163
164	$sql = 'SELECT *
165	FROM ' . USERS_TABLE . '
166	WHERE user_id = ' . (int) $user_id;
167	$result = $db->sql_query($sql);
168	$user_row = $db->sql_fetchrow($result);
169	$db->sql_freeresult($result);
170
171	if (!$auth->acl_get('a_switchperm') \|\| !$user_row \|\| $user_id == $user->data['user_id'] \|\| !check_link_hash($request->variable('hash', ''), 'switchperm'))
172	{
173	redirect($controller_helper->route('phpbb_index_controller'));
174	}
175
176	include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
177
178	$auth_admin = new auth_admin();
179	if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id']))
180	{
181	redirect($controller_helper->route('phpbb_index_controller'));
182	}
183
184	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ACL_TRANSFER_PERMISSIONS', false, array($user_row['username']));
185
186	$message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $controller_helper->route('phpbb_index_controller') . '">', '</a>');
187
188	/**
189	* Event to run code after permissions are switched
190	*
191	* @event core.ucp_switch_permissions
192	* @var int user_id User ID to switch permission to
193	* @var array user_row User data
194	* @var string message Success message
195	* @since 3.1.11-RC1
196	*/
197	$vars = array('user_id', 'user_row', 'message');
198	extract($phpbb_dispatcher->trigger_event('core.ucp_switch_permissions', compact($vars)));
199
200	trigger_error($message);
201
202	break;
203
204	case 'restore_perm':
205	if (!$user->data['user_perm_from'] \|\| !$auth->acl_get('a_switchperm'))
206	{
207	redirect($controller_helper->route('phpbb_index_controller'));
208	}
209
210	$auth->acl_cache($user->data);
211
212	$sql = 'SELECT username
213	FROM ' . USERS_TABLE . '
214	WHERE user_id = ' . $user->data['user_perm_from'];
215	$result = $db->sql_query($sql);
216	$username = $db->sql_fetchfield('username');
217	$db->sql_freeresult($result);
218
219	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ACL_RESTORE_PERMISSIONS', false, array($username));
220
221	$message = $user->lang['PERMISSIONS_RESTORED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . $controller_helper->route('phpbb_index_controller') . '">', '</a>');
222
223	/**
224	* Event to run code after permissions are restored
225	*
226	* @event core.ucp_restore_permissions
227	* @var string username User name
228	* @var string message Success message
229	* @since 3.1.11-RC1
230	*/
231	$vars = array('username', 'message');
232	extract($phpbb_dispatcher->trigger_event('core.ucp_restore_permissions', compact($vars)));
233
234	trigger_error($message);
235
236	break;
237
238	default:
239	$default = true;
240	break;
241	}
242
243	// We use this approach because it does not impose large code changes
244	if (!$default)
245	{
246	return true;
247	}
248
249	// Only registered users can go beyond this point
250	if (!$user->data['is_registered'])
251	{
252	if ($user->data['is_bot'])
253	{
254	redirect($controller_helper->route('phpbb_index_controller'));
255	}
256
257	if ($id == 'pm' && $mode == 'view' && isset($_GET['p']))
258	{
259	$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx?i=pm&p=" . $request->variable('p', 0));
260	login_box($redirect_url, $user->lang['LOGIN_EXPLAIN_UCP']);
261	}
262
263	login_box('', $user->lang['LOGIN_EXPLAIN_UCP']);
264	}
265
266	// Instantiate module system and generate list of available modules
267	$module->list_modules('ucp');
268
269	// Check if the zebra module is set
270	if ($module->is_active('zebra', 'friends'))
271	{
272	// Output listing of friends online
273	$update_time = $config['load_online_time'] * 60;
274
275	$sql_ary = array(
276	'SELECT' => 'u.user_id, u.username, u.username_clean, u.user_colour, MAX(s.session_time) as online_time, MIN(s.session_viewonline) AS viewonline',
277
278	'FROM' => array(
279	USERS_TABLE => 'u',
280	ZEBRA_TABLE => 'z',
281	),
282
283	'LEFT_JOIN' => array(
284	array(
285	'FROM' => array(SESSIONS_TABLE => 's'),
286	'ON' => 's.session_user_id = z.zebra_id',
287	),
288	),
289
290	'WHERE' => 'z.user_id = ' . $user->data['user_id'] . '
291	AND z.friend = 1
292	AND u.user_id = z.zebra_id',
293
294	'GROUP_BY' => 'z.zebra_id, u.user_id, u.username_clean, u.user_colour, u.username',
295
296	'ORDER_BY' => 'u.username_clean ASC',
297	);
298
299	/**
300	* Event to modify the SQL query before listing of friends
301	*
302	* @event core.ucp_modify_friends_sql
303	* @var array sql_ary SQL query array for listing of friends
304	*
305	* @since 3.2.10-RC1
306	* @since 3.3.1-RC1
307	*/
308	$vars = [
309	'sql_ary',
310	];
311	extract($phpbb_dispatcher->trigger_event('core.ucp_modify_friends_sql', compact($vars)));
312
313	$sql = $db->sql_build_query('SELECT_DISTINCT', $sql_ary);
314	$result = $db->sql_query($sql);
315
316	while ($row = $db->sql_fetchrow($result))
317	{
318	$which = (time() - $update_time < $row['online_time'] && ($row['viewonline'] \|\| $auth->acl_get('u_viewonline'))) ? 'online' : 'offline';
319
320	$tpl_ary = [
321	'USER_ID' => $row['user_id'],
322	'U_PROFILE' => get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']),
323	'USER_COLOUR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),
324	'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
325	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'])
326	];
327
328	/**
329	* Event to modify the template before listing of friends
330	*
331	* @event core.ucp_modify_friends_template_vars
332	* @var array row friend user row
333	* @var array tpl_ary friend template array
334	* @var string which friend is 'online' or 'offline'
335	*
336	* @since 3.2.10-RC1
337	* @since 3.3.1-RC1
338	*/
339	$vars = [
340	'row',
341	'tpl_ary',
342	'which',
343	];
344	extract($phpbb_dispatcher->trigger_event('core.ucp_modify_friends_template_vars', compact($vars)));
345
346	$template->assign_block_vars("friends_{$which}", $tpl_ary);
347	}
348	$db->sql_freeresult($result);
349	}
350
351	// Do not display subscribed topics/forums if not allowed
352	if (!$config['allow_topic_notify'] && !$config['allow_forum_notify'])
353	{
354	$module->set_display('main', 'subscribed', false);
355	}
356
357	/**
358	* Use this event to enable and disable additional UCP modules
359	*
360	* @event core.ucp_display_module_before
361	* @var p_master module Object holding all modules and their status
362	* @var mixed id Active module category (can be the int or string)
363	* @var string mode Active module
364	* @since 3.1.0-a1
365	*/
366	$vars = array('module', 'id', 'mode');
367	extract($phpbb_dispatcher->trigger_event('core.ucp_display_module_before', compact($vars)));
368
369	$template->assign_block_vars('navlinks', array(
370	'BREADCRUMB_NAME' => $user->lang('UCP'),
371	'U_BREADCRUMB' => append_sid("{$phpbb_root_path}ucp.$phpEx"),
372	));
373
374	// Select the active module
375	$module->set_active($id, $mode);
376
377	// Load and execute the relevant module
378	$module->load_active();
379
380	// Assign data to the template engine for the list of modules
381	$module->assign_tpl_vars(append_sid("{$phpbb_root_path}ucp.$phpEx"));
382
383	// Generate the page, do not display/query online list
384	$module->display($module->get_page_title());